Password Policy

Tennessee State University – Information Technology Policy

Password Policy This password policy will apply to the following systems: the TSU network, TSU wireless network, myTSU, Exchange e-mail, TSU website accounts, screen saver protection, SciQuest purchasing system, eLearn (D2L) system, and INB Banner, and any other computing or network resource used on the TSU campus. Users will be forced on some systems to reset passwords every 90-180 days. As a general rule, users should reset their passwords at least every 90-180 days.

This policy establishes the requirements for creating strong passwords, the protection and management of passwords, the frequency passwords are to be changed, and password privacy.

Strong password construction criteria at TSU is:

a)Must be at least eight (8) characters in length

b)Must contain at least 1 uppercase letter (A–Z)

c)Must contain at least 1 lowercase letter (a-z)

d)Must contain at least 1 or more numbers (0-9)

Additionally, the construction of passwords should not:

Include a word in any language, slang, dialect, jargon, etc.

Be based on personal information, names of family, birthdates, etc.

Password Management and Protection

Passwords must not be inserted into email messages or other forms of electronic communication

Do not share TSU passwords with anyone, including administrative assistants or secretaries. All passwords are to be treated as sensitive TSU information

Do not reveal a password over the phone to anyone

General Password Construction Guidelines

Weak passwords have the following characteristics:

Contains less than eight characters

Forms a word found in a dictionary (English or foreign) or is a common usage word such as: